Fix NPE when application password response is missing password or UUID #22952
Draft
adalpari wants to merge 1 commit into
The Gson-deserialized ApplicationPasswordCreationResponse declared its fields as non-null, but Gson populates objects via reflection and bypasses Kotlin's null checks. When the API returns a 200 response missing the `password` or `uuid` field, those nulls flowed into the non-null ApplicationPasswordCreationPayload constructor, crashing the app (in the minified release build the parameter null-check compiles to a bare getClass() call, producing the reported NPE).

Make the response fields nullable and validate them, returning the existing error payload instead of crashing. Applied to both the Jetpack and WP-API clients, which share the response type.

Crash report: https://a8c.sentry.io/issues/7522022287/

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
dda20c6 to
0da0911
Compare
Contributor
🤖 Build Failure Analysis

This build has failures. Claude has analyzed them - check the build annotations for details.


Description
Fixes a crash when the WordPress.com / WP-API application password endpoint returns a `200` response that is missing the `password` or `uuid` field.

`ApplicationPasswordCreationResponse` declared its fields as non-null, but Gson populates objects via reflection and bypasses Kotlin's null-safety. When the field is absent/null in the JSON, the value flowed into the non-null `ApplicationPasswordCreationPayload` constructor and threw an NPE. In the minified release build the parameter null-check compiles to a bare `getClass()` call, which is exactly the reported crash signature.

Fix
- `uuid`, `name`, and `password` on `ApplicationPasswordCreationResponse` nullable to match what Gson can actually produce.
- `password` or `uuid` is missing, return the existing error payload ("Password or UUID missing from response") instead of crashing. The result propagates as a normal `ApplicationPasswordCreationResult.Failure` — the same path used for other creation errors.
- `JetpackApplicationPasswordsRestClient` (where the crash was reported) and `WPApiApplicationPasswordsRestClient`, which share the response type.

Tests
Added unit tests for both clients covering: valid response, null password, null uuid, null body, and network error.
Crash report
https://a8c.sentry.io/issues/7522022287/?environment=prod&environment=release&project=5731682&query=release%3A%22com.jetpack.android%4026.8-rc-5%2B1493%22&referrer=release-issue-stream
Reported on `com.jetpack.android@26.8-rc-5+1493`.

🤖 Generated with Claude Code
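The failure mode and fix described in this PR, as an added example that is not the project's code: a Gson-populated class with non-null fields next to a nullable, validated form. The class and function names are hypothetical stand-ins, the JSON bodies are constructed, and the sketch assumes Gson on the classpath and Kotlin 1.4 or later (where the parameter check throws `NullPointerException`).

```kotlin
import com.google.gson.Gson

// Hypothetical stand-ins for the response and payload types named in the PR.
data class StrictResponse(val uuid: String, val name: String, val password: String)
data class NullableResponse(val uuid: String?, val name: String?, val password: String?)
data class Payload(val password: String, val uuid: String)

sealed class CreationResult {
    data class Success(val payload: Payload) : CreationResult()
    data class Failure(val message: String) : CreationResult()
}

// "Before": trusts the declared non-null types. Gson sets fields reflectively,
// so a field absent from the JSON stays null despite being declared String.
fun parseStrict(json: String): CreationResult {
    val r = Gson().fromJson(json, StrictResponse::class.java)
    // The null only surfaces here, at the constructor's parameter check.
    return CreationResult.Success(Payload(r.password, r.uuid))
}

// "After": the types admit what Gson can produce, and the values are
// validated before they reach any non-null parameter.
fun parseValidated(json: String): CreationResult {
    val r: NullableResponse? = Gson().fromJson(json, NullableResponse::class.java)
    val password = r?.password
    val uuid = r?.uuid
    if (password == null || uuid == null) {
        return CreationResult.Failure("Password or UUID missing from response")
    }
    return CreationResult.Success(Payload(password, uuid))
}

fun main() {
    // Constructed sample bodies, not captured from the real endpoint.
    val complete = """{"uuid":"example-uuid","name":"example-app","password":"example-password"}"""
    val missingPassword = """{"uuid":"example-uuid","name":"example-app"}"""

    println(parseValidated(complete) is CreationResult.Success)  // true
    println(parseValidated(missingPassword))                     // Failure(...)
    try {
        parseStrict(missingPassword)
    } catch (e: NullPointerException) {
        println("strict parse crashed: ${e.javaClass.simpleName}")
    }
}
```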